The latest articles on DEV Community by pratikshap31 (@pratikshap31). https://dev.to/pratikshap31 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F898161%2F8caa7d1c-fd09-41ed-983e-6d3b7480af32.png https://dev.to/pratikshap31 en pratikshap31 Fri, 29 Jul 2022 08:36:15 +0000 https://dev.to/pratikshap31/i-am-getting-session-cookies-domain-error-while-running-the-enlighten-package-1m27 https://dev.to/pratikshap31/i-am-getting-session-cookies-domain-error-while-running-the-enlighten-package-1m27 <p>Check 92/126: Horizon uses a separate sub-domain with its own set of cookies to protect against session hijacking. Failed While Horizon uses a separate domain, your application session cookies are still shared with Horizon. This exposes your application to session hijacking, where if either your main application or Horizon is compromised, the other would also be compromised. It is recommended to configure separate cookies by setting the session domain configuration to null. At config/session.php, line 158. Documentation URL: <a href="https://www.laravel-enlightn.com/docs/security/horizon-security-analyzer.html">https://www.laravel-enlightn.com/docs/security/horizon-security-analyzer.html</a></p> <p>I have multiple subdomains. each user has their own subdomain. I have the primary subdomain “my”. I am using session_domain to manage session cookies. The value of the session domain is “.projectame.com”. I am facing a redirect issue when putting a null value for session_domain.</p> <p>when the session domain is null, I am having an issue redirecting from my.projectname.com to username.projectname.com.</p> <p>Does anyone know how to solve it?</p> laravel horizon session cookie pratikshap31 Tue, 26 Jul 2022 08:40:07 +0000 https://dev.to/pratikshap31/session-hijacking-issue-in-laravel-enlightn-1ml6 https://dev.to/pratikshap31/session-hijacking-issue-in-laravel-enlightn-1ml6 <div class="ltag__stackexchange--container"> <div class="ltag__stackexchange--title-container"> <div class="ltag__stackexchange--title"> <div class="ltag__stackexchange--header"> <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--7Gn-iPj_--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev.to/assets/stackoverflow-logo-b42691ae545e4810b105ee957979a853a696085e67e43ee14c5699cf3e890fb4.svg" alt=""> <a href="https://stackoverflow.com/questions/73119438/session-hijacking-issue-in-laravel-enlightn" rel="noopener noreferrer"> Session hijacking issue in laravel enlightn </a> </div> <div class="ltag__stackexchange--post-metadata"> <span>Jul 26 '22</span> <span>Comments: 1</span> <span>Answers: 0</span> </div> </div> <a class="ltag__stackexchange--score-container" href="https://stackoverflow.com/questions/73119438/session-hijacking-issue-in-laravel-enlightn" rel="noopener noreferrer"> <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Y9mJpuJP--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev.to/assets/stackexchange-arrow-up-eff2e2849e67d156181d258e38802c0b57fa011f74164a7f97675ca3b6ab756b.svg" alt=""> <div class="ltag__stackexchange--score-number"> 0 </div> <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--wif5Zq3z--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev.to/assets/stackexchange-arrow-down-4349fac0dd932d284fab7e4dd9846f19a3710558efde0d2dfd05897f3eeb9aba.svg" alt=""> </a> </div> <div class="ltag__stackexchange--body"> <p>I am getting session cookies domain error while running the enlightn package.</p> <p>Check 92/126: Horizon uses a separate sub-domain with its own set of cookies to protect against session hijacking. Failed While Horizon is currently using a separate domain, your application session cookies are still shared with Horizon. This exposes…</p> </div> <div class="ltag__stackexchange--btn--container"> <a href="https://stackoverflow.com/questions/73119438/session-hijacking-issue-in-laravel-enlightn" class="ltag__stackexchange--btn" rel="noopener noreferrer">Open Full Question</a> </div> </div> laravel php security